Microsoft Rolls Out Next Version of Windows Intune Cloud Service

"Wave 2," the name of the second generation of Microsoft's Windows Intune cloud-based PC management service, was released as scheduled on Monday.

Microsoft expects to have all current Windows Intune users moved to the Wave 2 version by the end of 2011. Users will start to get alerts about the update two weeks before it arrives. The beta version of Windows Intune is scheduled to end on Nov. 17, but Microsoft's FAQ says users of the trial version who subscribe to the service will be able to carry over their configurations and data.

Windows Intune provides screens for IT personnel to manage and secure a network of PCs. The service features the use of the System Center Online Desktop Manager, as well as the same engine that powers the Microsoft Forefront Endpoint Protection system for anti-malware protection and firewall security. In addition, users get upgrade rights to Windows 7 Enterprise edition.

This release adds some new features to Microsoft's hosted PC management and security solution for organizations. Many of these features seem like they should have been part of the service before. However, Windows Intune is still relatively new, having been launched about seven months ago. Microsoft has big plans for the service, according to Eric Main, director for Windows Intune product marketing.

"Eventually, Windows Intune will deliver more management capabilities than the on-premises solutions but with less cost and higher productivity," Main claimed in a blog post.

New Features
Software distribution is one of the new features added to Windows Intune Wave 2. Users can now upload .EXE, .MSI or .MSP files of any managed software product up to Microsoft's Windows Azure cloud with the aim of installing software across a network of PCs. Those using the free trial version of Windows Intune get 2 GB of storage space for software distribution uploads. Subscribers to Windows Intune get 20 GB of storage space, and Microsoft leases additional space in 1 GB increments, according to this TechNet library article.

The remote tasks addition to Windows Intune lets users run malware scans and update malware definitions on individual PCs. Users can also remotely restart those PCs. The function can be accessed by simply right clicking on a PC in a screen.

Microsoft improved reporting in Windows Intune by adding new filters for hardware. It now has filters for CPU speed, disk space, chassis type, manufacturer and memory. In addition, alerts were improved to display when certain thresholds are reached, such as hard drive space. Administrators can now set rights on their accounts for sharing with others, such as specifying "read-only" rights to share the administration console.

Users can now enable the installation of Windows Intune on PCs even when they are not online. Installation takes place when the PC establishes an Internet connection.

Usability has been improved with right-click access to commands and greater customization of screen views. There's also drag and drop capability. For instance, to move a PC to a different group, just select it and drag it to that group. Group Policy isn't needed for Windows Intune, but if it's already in use, the Group Policy settings take precedence. Windows Intune also does not rely on Active Directory.

A few other features were introduced in the July beta of Wave 2, including the ability to manage the licenses of Microsoft's software, as well as the software of other vendors. However, Microsoft added a caveat in its FAQ, saying that this feature is a convenience only. Users "should not rely on it to confirm compliance with Microsoft volume licensing agreements."

Windows Intune's Scope
Microsoft conceives of Windows Intune for two basic customer scenarios. One scenario might be for smaller organizations lacking a PC management structure, according to Main, in a phone interview. The second use case is for organizations that have a robust infrastructure for on-premises machines but have issues supporting mobile users. These organizations could use the DirectAccess feature, available in some editions of Windows 7, to maintain mobile connections, but they'd also need licenses for Windows Server 2008 R2 to use DirectAccess, he noted.

Another rationale for using Windows Intune is obtaining upgrade rights to Windows 7 Enterprise edition, especially given the impending end of Windows XP support, which terminates in April 2014. However, Microsoft doesn't install Windows 7 with Windows Intune. Organizations just get the upgrade rights. So, the machines targeted for an upgrade have to meet Windows 7's hardware requirements and there also needs to be a license for an earlier Windows version on that machine supporting the Professional, Enterprise or Ultimate editions.

Windows Intune can scale to 20,000 PCs. After that amount, a new account needs to be opened with Microsoft to manage any additional PCs. The cost of Windows Intune is $11 per person monthly, but it's still offered on an annual basis, so customers commit to a full year's payment. For instance, Microsoft's FAQ explains that "During month two through the end of the initial subscription, customers can request to discontinue their service, but they will be responsible for paying for the entire initial 12-month subscription."

If subscribers stop paying, they don't get to keep their Windows 7 upgrade licensing, although Main said that Microsoft has some sort of buyout arrangement available. According to a Microsoft spokesperson, "there is a buyout option for the Windows license if a customer cancels after 12 months; the buyout option is not available during the first year." Software Assurance licensees get a discount if they sign up for Windows Intune because there are Software assurance benefits associated with that service.

For $1 per month per person extra, Windows Intune subscribers get access to the Microsoft Desktop Optimization Pack (MDOP). MDOP is a set of tools that enables desktop virtualization and application virtualization, as well as diagnostics and recovery, among other solutions. MDOP is a perk typically reserved for Software Assurance licensees or those who opt for Microsoft's Windows Virtual Desktop Access licensing.

About the Author

Kurt Mackie is senior news producer for 1105 Media's Converge360 group.


Subscribe on YouTube